Assertion failures were discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp #1872

Closed
wcventure opened this Issue Jan 16, 2019 · 1 comment

wcventure commented Jan 16, 2019

Hi there,

Multiple assertion failures were discovered in wasm::WasmBinaryBuilder::getType() in wasm-binary.cpp.
Here are the POC files. Please use "./wasm-opt $POC" to reproduce the error.
POC.zip

$git log

commit d24427dcc8cd6e0dbcd8c302eb2e8a5d0d6fdead
Author: Alon Zakai <alonzakai@gmail.com>
Date:   Tue Jan 15 13:20:05 2019 -0800

    Code style improvements (#1868)

    * Use modern T p = v; notation to initialize class fields
    * Use modern X() = default; notation for empty class constructors

The output was as follows:

wasm-opt: /binaryen/src/wasm/wasm-binary.cpp:849: wasm::Type wasm::WasmBinaryBuilder::getType(): Assertion `false' failed.
Aborted
Illegal instruction

The ASAN dumps the stack trace as follows:

    #0 0x5e81a9 in __sanitizer_print_stack_trace /home/wencheng/Documents/CLib/llvm-6.0.1/projects/compiler-rt/lib/asan/asan_stack.cc:38
    #1 0x9c0984 in wasm::WasmBinaryBuilder::getType() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:849:3
    #2 0x9db431 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1793:18
    #3 0x9d20eb in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1679:38
    #4 0x9cda96 in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #5 0x9dc509 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1822:5
    #6 0x9d20eb in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1679:38
    #7 0x9cd93c in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #8 0x9dc509 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1822:5
    #9 0x9d20eb in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1679:38
    #10 0x9cda96 in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #11 0x9c8636 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1838:3
    #12 0x9ddd26 in wasm::WasmBinaryBuilder::visitIf(wasm::If*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1863:18
    #13 0x9d2baf in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1680:38
    #14 0x9cda96 in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #15 0x9dc509 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1822:5
    #16 0x9d20eb in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1679:38
    #17 0x9cda96 in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #18 0x9dc509 in wasm::WasmBinaryBuilder::visitBlock(wasm::Block*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1822:5
    #19 0x9d20eb in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1679:38
    #20 0x9cd93c in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #21 0x9def9f in wasm::WasmBinaryBuilder::visitLoop(wasm::Loop*) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1884:3
    #22 0x9d2abc in wasm::WasmBinaryBuilder::readExpression(wasm::Expression*&) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1681:38
    #23 0x9cda96 in wasm::WasmBinaryBuilder::processExpressions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1359:16
    #24 0x9c8636 in wasm::WasmBinaryBuilder::getBlockOrSingleton(wasm::Type) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1838:3
    #25 0x99de66 in wasm::WasmBinaryBuilder::readFunctions() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:1121:20
    #26 0x97ee40 in wasm::WasmBinaryBuilder::read() /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-binary.cpp:678:41
    #27 0xa82dab in wasm::ModuleReader::readBinary(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-io.cpp:52:10
    #28 0xa855a9 in wasm::ModuleReader::read(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, wasm::Module&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >) /home/wencheng/Documents/FuzzingObject/binaryen/src/wasm/wasm-io.cpp:71:5
    #29 0x627a77 in main /home/wencheng/Documents/FuzzingObject/binaryen/src/tools/wasm-opt.cpp:144:14
    #30 0x7fc826a1d82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #31 0x51c5a8 in _start (/home/wencheng/Documents/FuzzingObject/binaryen/build/bin/wasm-opt+0x51c5a8)

kripken added a commit that referenced this issue Jan 16, 2019

kripken commented Jan 16, 2019

Thanks! Fix in #1874

@kripken kripken closed this in 0e5e550 Jan 19, 2019
